I wonder if its possible to do ldap lookups when handling accounting (start) packets? This would likely mean adding an "ldap" entry to the accounting{} section of the radiusd.conf file.
At the moment I am calling an external script from the acct-users file usingg: DEFAULT Acct-Status-Type == Start Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}" but this is inefficient as i want to only start an external interpreter if an ldap attribiute is set to certain values. if the freeradius daemon, which holds open sessions to the ldap server, can re-use those connections during the accounting phase, and the acct-users file could restrict calling the external code based on those attributes ... something like: DEFAULT Acct-Status-Type == Start, Ldap_Attribute == My_Specific_Value_1 Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}" DEFAULT Acct-Status-Type == Start, Ldap_Attribute == My_Specific_Value_2 Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}" i've not found anyone try this. is it a bad idea to try to get the "rlm_ldap" module called from the accounting{} section? can the returned attributes be mapped or accessed such as {%ldap:Attribue_Name} or similar? I'm prepared to do some development work to get this working - i know that when i last looked at freeradius 1.0.2 accessing ldap attributes from the users files was not possible. any ideas or comments or pointers would be gratefully received tariq - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html